Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 6 Apr 2006 07:22:45 +0200 (CEST)
From: rembrandt@...erlin.de
To: john-users@...ts.openwall.com
Subject: Re: SYSKEY

Hm..
I can`t find anything about LC crackign Syskey anymore even I remember
that I did it because I tried it out....
I relay run a bruteforce against Syskey even I got a warning that it`s
maybe useless at all....

Was LC6 ever released? (Or a Beta?!)

> I agree.  But I am unsure about adding such system-specific features
> into the main John source tree.

You included also unshadow.

godfather $ unshadow
Usage: unshadow PASSWORD-FILE SHADOW-FILE
godfather $

Btw: Unshadow isn`t portable too! It wont work on OSs wich do not have a
shadow-system.... So "portable" is just a point of view... (even the code
IS portable but you didn`t ported it (I donīt see it at the
binary-archives for DOS)).

Why shouldn`t there be un "unsyskey" for Sam-Files?
Is it realy that complex to replace the word "SHADOW-FILE" with
"SYSKEY-FILE"?
Ok after that it would need some pwdump2-Processing too, that`s correct.
But most peoples who have phy. acces and who are responseable e.g. for
PW-Checking (yes there also the bad guys *looking to the sky*) be happy
about removing even just the Syskey.

The example with the mounted Windows-Partition wasn`t that bad....
Removing the Syskey is possible if you get also the System-File.
So providing an "unsyskey" would be no problem at all.

> (bkhive is not _that_ system-specific - it makes sense to run it on
> non-Windows; but pwdump is.)
>
> I am considering making a "Pro" version of John, distributed primarily
> as pre-built native packages for specific popular systems (Windows,
> Linux, maybe Solaris, maybe Mac OS X) where such features could be
> included.  The same goes about adding a GUI.  This version, if ever made
> and maintained, would likely be non-free or not completely free (at
> least not in the GNU sense).  I would actually pay money for development
> and maintenance of the GUI - I wouldn't want to spend my very own time
> on that.

Free is free like a BSD and nothing else...
Going closed-src is not a solution in my oppinion.
If you wanna earn money: Just tell that clearly...
But who the fuck wanna have a GUI if the cmd-line works perfectly?
Or do you plan to fill the empty space @stake and LC left?

Be truthly and face your goals Solar...
But not thinking about OpenBSD as supported OS makes me kind of sad. Even
I wouldnīt run your product anyway if it gets closed source.

Fyodor got a GUI for free.. don`t you think you`ll find somebody who codes
it....?

If you decide to make John closed source another idol dies...
But maybe that will give me the kick in my lazy butt wich I need to start
coding good C... who knows.

If so: That was MY IDEA [tm][r][c][whatever]....
Isn`t stealing an idea also a crime in the US? ;-))

Well... The decission is yours.


Kind regards,
Rembrandt

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ